<?php
/* $Id$ */
/*
    system_usermanager.php
    part of m0n0wall (http://m0n0.ch/wall)

    Copyright (C) 2008 Shrew Soft Inc.
    All rights reserved.

    Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
    All rights reserved.

    Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

##|+PRIV
##|*IDENT=page-system-usermanager
##|*NAME=System: User Manager page
##|*DESCR=Allow access to the 'System: User Manager' page.
##|*MATCH=system_usermanager.php*
##|-PRIV


require("guiconfig.inc");

if (isAllowedPage("system_usermanager")) {

	// start admin user code
	$pgtitle = array("服务管理","用户管理");
	$pgmenu = array('captiveportal', '/system_usermanager.php');

	$id = $_GET['id'];
	if (isset($_POST['id']))
		$id = $_POST['id'];

	if (!is_array($config['system']['user'])) 
		$config['system']['user'] = array();

	admin_users_sort();
	$a_user = &$config['system']['user'];

	if ($_GET['act'] == "deluser") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		local_user_del($a_user[$id]);
		$userdeleted = $a_user[$id]['name'];
		unset($a_user[$id]);
		write_config();
		$savemsg = gettext("用户")." {$userdeleted} ".
					gettext("已删除")."<br/>";
	}

	if ($_GET['act'] == "delpriv") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
		unset($a_user[$id]['priv'][$_GET['privid']]);
		write_config();
		$_GET['act'] = "edit";
		$savemsg = gettext("Privilege")." {$privdeleted} ".
					gettext("successfully deleted")."<br/>";
	}

	if ($_GET['act'] == "expcert") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		$cert =& $a_user[$id]['cert'][$_GET['certid']];

		$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['name']}.crt");
		$exp_data = base64_decode($cert['crt']);
		$exp_size = strlen($exp_data);

		header("Content-Type: application/octet-stream");
		header("Content-Disposition: attachment; filename={$exp_name}");
		header("Content-Length: $exp_size");
		echo $exp_data;
		exit;
	}

	if ($_GET['act'] == "expckey") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		$cert =& $a_user[$id]['cert'][$_GET['certid']];

		$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['name']}.key");
		$exp_data = base64_decode($cert['prv']);
		$exp_size = strlen($exp_data);

		header("Content-Type: application/octet-stream");
		header("Content-Disposition: attachment; filename={$exp_name}");
		header("Content-Length: $exp_size");
		echo $exp_data;
		exit;
	}

	if ($_GET['act'] == "delcert") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		$certdeleted = $a_user[$id]['cert'][$_GET['certid']]['name'];
		unset($a_user[$id]['cert'][$_GET['certid']]);
		write_config();
		$_GET['act'] = "edit";
		$savemsg = gettext("Certificate")." {$certdeleted} ".
					gettext("successfully deleted")."<br/>";
	}

	if ($_GET['act'] == "edit") {
		if (isset($id) && $a_user[$id]) {
			$pconfig['usernamefld'] = $a_user[$id]['name'];
			$pconfig['fullname'] = $a_user[$id]['fullname'];
			$pconfig['expires'] = $a_user[$id]['expires'];
			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
			$pconfig['utype'] = $a_user[$id]['scope'];
			$pconfig['uid'] = $a_user[$id]['uid'];
			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
			$pconfig['priv'] = $a_user[$id]['priv'];
		}
	}

	if ($_GET['act'] == "new") {
		/*
		 * set this value cause the text field is read only
		 * and the user should not be able to mess with this
		 * setting.
		 */
		$pconfig['utype'] = "user";
	}

	if ($_POST) {
		conf_mount_rw();
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		if (isset($id) && ($a_user[$id])) {
			$reqdfields = explode(" ", "usernamefld");
			$reqdfieldsn = explode(",", "帐户");
		} else {
			$reqdfields = explode(" ", "usernamefld passwordfld1");
			$reqdfieldsn = explode(",", "帐户,密码");
		}

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
			$input_errors[] = gettext("帐户名称含有非法字符");

		if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
			$input_errors[] = gettext("两次输入密码不匹配。");

		/* make sure this user name is unique */
		if (!$input_errors && !(isset($id) && $a_user[$id])) {
			foreach ($a_user as $userent) {
				if ($userent['name'] == $_POST['usernamefld']) {
					$input_errors[] = gettext("该账户已存在。");
					break;
				}
			}
		}

		/*
		 * Check for a valid expirationdate if one is set at all (valid means,
		 * strtotime() puts out a time stamp so any strtotime compatible time
		 * format may be used. to keep it simple for the enduser, we only
		 * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
		 * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
		 * Otherwhise such an entry would lead to an invalid expiration data.
		 */
		if ($_POST['expires']){
			if(strtotime($_POST['expires']) > 0){
				if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
					$input_errors[] = "不能指定已失效的日期。";
				} else {
					//convert from any strtotime compatible date to MM/DD/YYYY
					$expdate = strtotime($_POST['expires']);
					$_POST['expires'] = date("m/d/Y",$expdate);
				}
			} else {
				$input_errors[] = "Invalid expiration date format; use MM/DD/YYYY instead.";
			}
		}

		if (isset($config['system']['ssh']['sshdkeyonly']) && empty($_POST['authorizedkeys']))
			$input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system.");

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		if (!$input_errors) {
			$userent = array();
			if (isset($id) && $a_user[$id])
				$userent = $a_user[$id];

			isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";

			/* the user name was modified */
			if ($_POST['usernamefld'] <> $_POST['oldusername'])
				$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];

			/* the user password was mofified */
			if ($_POST['passwordfld1'])
				local_user_set_password($userent, $_POST['passwordfld1']);

			$userent['name'] = $_POST['usernamefld'];
			$userent['fullname'] = $_POST['fullname'];
			$userent['expires'] = $_POST['expires'];
			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);

			if (isset($id) && $a_user[$id])
				$a_user[$id] = $userent;
			else {
				$userent['uid'] = $config['system']['nextuid']++;
				$a_user[] = $userent;
			}

			local_user_set($userent);
			local_user_set_groups($userent,$_POST['groups']);
			write_config();

			conf_mount_ro();
			
			pfSenseHeader("system_usermanager.php");
		}
	}

	include("head.inc");
?>

<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<!--
//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
//Script featured on JavaScript Kit (http://www.javascriptkit.com)
//For this script, visit http://www.javascriptkit.com
// -->
<script language="javascript" type="text/javascript" src="javascript/datetimepicker.js"></script>
<script language="JavaScript">
<!--

function setall_selected(id) {
	selbox = document.getElementById(id);
	count = selbox.options.length;
	for (index = 0; index<count; index++)
		selbox.options[index].selected = true;
}

function clear_selected(id) {
	selbox = document.getElementById(id);
	count = selbox.options.length;
	for (index = 0; index<count; index++)
		selbox.options[index].selected = false;
}

function remove_selected(id) {
	selbox = document.getElementById(id);
	index = selbox.options.length - 1;
	for (; index >= 0; index--)
		if (selbox.options[index].selected)
			selbox.remove(index);
}

function copy_selected(srcid, dstid) {
	src_selbox = document.getElementById(srcid);
	dst_selbox = document.getElementById(dstid);
	count = src_selbox.options.length;
	for (index = 0; index < count; index++) {
		if (src_selbox.options[index].selected) {
			option = document.createElement('option');
			option.text = src_selbox.options[index].text;
			option.value = src_selbox.options[index].value;
			dst_selbox.add(option, null);
		}
	}
}

function move_selected(srcid, dstid) {
	copy_selected(srcid, dstid);
	remove_selected(srcid);
}

function presubmit() {
	clear_selected('notgroups');
	setall_selected('groups');
}

//-->
</script>
<?php
	if ($input_errors)
		print_input_errors($input_errors);
	if ($savemsg)
		print_info_box($savemsg);
?>
<div class="soft_cont_right_table">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td>
		<?php
			$tab_array = array();
			$tab_array[] = array(gettext("用户"), true, "system_usermanager.php");
			$tab_array[] = array(gettext("组"), false, "system_groupmanager.php");
			//$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
			//$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
			display_top_tabs($tab_array);
		?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">

				<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>

				<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
						<?php
							$ro = "";
							if ($pconfig['utype'] == "system")
								$ro = "readonly = \"readonly\"";
						?>
	                    <tr>
	                        <td width="22%" valign="top" class="vncell"><?=gettext("创建者");?></td>
	                        <td width="78%" class="vtable">
	                            <strong><?=strtoupper($pconfig['utype']);?></strong>
								<input name="utype" type="hidden" value="<?=$pconfig['utype']?>"/>
	                        </td>
	                    </tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("帐户");?></td>
							<td width="78%" class="vtable">
								<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
								<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("密码");?></td>
							<td width="78%" class="vtable">
								<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
							</td>
						</tr>
						<tr>
							<td width="78%" class="vtable">
								<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("（确认）"); ?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("名称");?></td>
							<td width="78%" class="vtable">
								<input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?=$ro;?>/>
								<br/>
								<?=gettext("用户的详细名称。");?>
							</td>
						</tr>
						<!--
						<tr>
							<td width="22%" valign="top" class="vncell">过期日</td>
							<td width="78%" class="vtable">
								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=$pconfig['expires'];?>">
								<a href="javascript:NewCal('expires','mmddyyyy')">
									<img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="Pick a date">
								</a>
								<br>
								<span class="vexpl">格式： mm/dd/yyyy。永不过期请留空。</span></td>
						</tr>
						-->
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("所属组");?></td>
							<td width="78%" class="vtable" align="center">
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
									<tr>
										<td align="center" width="50%">
											<strong>不属于</strong><br/>
											<br/>
											<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onChange="clear_selected('groups')" multiple>
												<?php
													foreach ($config['system']['group'] as $group):
//														if ($group['gid'] == 1998) /* all users group */
//															continue;
														if (in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=$group['name'];?>" <?=$selected;?>>
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>
											</select>
											<br/>
										</td>
										<td>
											<br/>
											<a href="javascript:move_selected('notgroups','groups')">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="添加" alt="添加" width="17" height="17" border="0" />
											</a>
											<br/><br/>
											<a href="javascript:move_selected('groups','notgroups')">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="删除" alt="删除" width="17" height="17" border="0" />
											</a>
										</td>
										<td align="center" width="50%">
											<strong>属于</strong><br/>
											<br/>
											<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onChange="clear_selected('nogroups')" multiple>
												<?php
													foreach ($config['system']['group'] as $group):
//														if ($group['gid'] == 1998) /* all users group */
//															continue;
														if (!in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=$group['name'];?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>
											</select>
											<br/>
										</td>
									</tr>
								</table>
							</td>
						</tr>
                        <!--
						<?php if ($pconfig['uid']): ?>

						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
							<td width="78%" class="vtable">
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
									<tr>
										<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
										<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
										<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
										<td class="list"></td>
									</tr>
									<?php
											
										$privdesc = get_user_privdesc($a_user[$id]);
										if(is_array($privdesc)):
											$i = 0;
											foreach ($privdesc as $priv):
											$group = false;
											if ($priv['group'])
												$group = $priv['group'];
									?>
									<tr>
										<td class="listlr"><?=$group;?></td>
										<td class="listr">
											<?=htmlspecialchars($priv['name']);?>
										</td>
										<td class="listbg">
												<?=htmlspecialchars($priv['descr']);?>
										</td>
										<td valign="middle" nowrap class="list">
											<?php if (!$group): ?>
											<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
											</a>
											<?php endif; ?>
										</td>
									</tr>
									<?php
											/* can only delete user priv indexes */
											if (!$group)
												$i++;
											endforeach;
										endif;
									?>
									<tr>
										<td class="list" colspan="3"></td>
										<td class="list">
											<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
											</a>
										</td>
									</tr>
								</table>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
							<td width="78%" class="vtable">
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
									<tr>
										<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
										<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
										<td class="list"></td>
									</tr>
									<?php
										
										$a_cert = $a_user[$id]['cert'];
										if(is_array($a_cert)):
											$i = 0;
											foreach ($a_cert as $cert):
						                        $ca = lookup_ca($cert['caref']);
									?>
									<tr>
										<td class="listlr">
											<?=htmlspecialchars($cert['name']);?>
										</td>
										<td class="listr">
											<?=htmlspecialchars($ca['name']);?>
										</td>
										<td valign="middle" nowrap class="list">
											<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="export private key" alt="export private key" width="17" height="17" border="0" />
											</a>
											<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="export cert" alt="export cert" width="17" height="17" border="0" />
											</a>
											<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this certificate?");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete cert" />
											</a>
										</td>
									</tr>
									<?php
												$i++;
											endforeach;
										endif;
									?>
									<tr>
										<td class="list" colspan="2"></td>
										<td class="list">
											<a href="system_usermanager_addcert.php?userid=<?=$id?>">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
											</a>
										</td>
									</tr>
								</table>
							</td>
						</tr>

						<?php endif; ?>

						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
							<td width="78%" class="vtable">
								<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
								<br/>
								<?=gettext("Paste an authorized keys file here.");?>
							</td>
						</tr>
						-->
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="保存" />
								<?php if (isset($id) && $a_user[$id]): ?>
								<input name="id" type="hidden" value="<?=$id;?>" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>
 
				<?php else: ?>

				<table width="100%" border="0" cellpadding="0" cellspacing="0">
					<tr>
						<td width="25%" class="listhdrr">帐户</td>
						<td width="25%" class="listhdrr">名称</td>
						<td width="30%" class="listhdrr">组</td>
						<td width="10%" class="list"></td>
					</tr>
					<?php
						$i = 0;
						foreach($a_user as $userent):
					?>
					<tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'">
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0">
								<tr>
									<td align="left" valign="center">
										<?php
											if($userent['scope'] != "user")
												$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
											else
												$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
										?>
										<img src="<?=$usrimg;?>" alt="用户" title="用户" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=htmlspecialchars($userent['name']);?>
									</td>
								</tr>
							</table>
						</td>
						<td class="listr"><?=htmlspecialchars($userent['fullname']);?>&nbsp;</td>
						<td class="listbg">
								<?=implode(",",local_user_get_groups($userent));?>
							&nbsp;
						</td>
						<td valign="middle" nowrap class="list">
							<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="编辑" alt="编辑" width="17" height="17" border="0" />
							</a>
							<?php if($userent['scope'] != "system"): ?>
							&nbsp;
							<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("是否确认删除？");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="删除" alt="删除" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>
					<tr>
						<td class="list" colspan="3"></td>
						<td class="list">
							<a href="system_usermanager.php?act=new">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="添加" alt="添加" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<tr>
						<td colspan="3">
							<p><!--
								<?=gettext("Additional webConfigurator users can be added here.");?>
								<?=gettext("User permissions can be assinged diretly or inherited from group memberships.");?>
								<?=gettext("An icon that appears grey indicates that it is a system defined object.");?>
								<?=gettext("Some system object properties can be modified but they cannot be deleted.");?>
							--></p>
						</td>
					</tr>
				</table>

				<?php endif; ?>

			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc");?>
</body>

<?php

	// end admin user code

} else {

	// start normal user code

	$pgtitle = array("服务管理","用户管理");

	if (isset($_POST['save'])) {
		unset($input_errors);

		/* input validation */
		$reqdfields = explode(" ", "passwordfld1");
		$reqdfieldsn = explode(",", "密码");

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		if ($_POST['passwordfld1'] != $_POST['passwordfld2'])
			$input_errors[] = "两次输入密码不一致。";

		if (!$input_errors) {
			// all values are okay --> saving changes
			$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));

			write_config();
			$savemsg = "密码已更改<br />";
		}
	}

	/* deterimine if user is not local to system */
	$islocal = false;
	foreach($config['system']['user'] as $user) 
		if($user['name'] == $_SESSION['Username'])
			$islocal = true;
?>

<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php
    include("head.inc");
	include("fbegin.inc");
	if ($input_errors)
		print_input_errors($input_errors);
	if ($savemsg)
		print_info_box($savemsg);

	if($islocal == false) {
		echo "Sorry, you cannot change the password for a LDAP user.";
		include("fend.inc");
		exit;
	}
?>
<div id="mainarea">
	<div class="tabcont">
		<form action="system_usermanager.php" method="post" name="iform" id="iform">
			<table width="100%" border="0" cellpadding="6" cellspacing="0">
				<tr>
					<td colspan="2" valign="top" class="listtopic">修改密码</td>
				</tr>
				<tr>
					<td width="22%" valign="top" class="vncell" rowspan="2">密码</td>
					<td width="78%" class="vtable">
						<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" />
					</td>
				</tr>
				<tr>
					<td width="78%" class="vtable">
						<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" />
						&nbsp;<?=gettext("（确认）");?>
						<br/>
						<span class="vexpl">
							<?=gettext("输入新的密码。");?>
						</span>
					</td>
				</tr>
				<tr>
					<td width="22%" valign="top">&nbsp;</td>
					<td width="78%">
						<input name="save" type="submit" class="formbtn" value="<?=gettext("保存");?>" />
					</td>
				</tr>
			</table>
		</div>
		</form>
	</div>
</div>
<?php include("fend.inc");?>
</body>

<?php

} // end of normal user code

?>
